Sync my RailsGoat repo with the parent repo

Al Snow
2015-08-19 12:05:01 -04:00
9 changed files with 98 additions and 60 deletions
+1 -1
@@ -1,7 +1,7 @@
source 'https://rubygems.org'
#don't upgrade
gem 'rails', '4.0.13'
gem 'rails', '4.2.2'
ruby '2.2.2'
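Review bot: The `#don't upgrade` comment directly above the changed line now contradicts the hunk, since the gem it guards is the one bumped from 4.0.13 to 4.2.2. Either drop the comment or say what the pin actually protects, e.g. `# pinned on purpose: the lab content targets this exact Rails release; bump only together with Gemfile.lock`. The README in the same commit says RailsGoat targets both Rails 3 and 4 via separate branches, so the pin is presumably deliberate rather than a leftover, but a reader of this file alone cannot tell.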
+73 -44
@@ -1,32 +1,43 @@
GEM
remote: https://rubygems.org/
specs:
actionmailer (4.0.13)
actionpack (= 4.0.13)
actionmailer (4.2.2)
actionpack (= 4.2.2)
actionview (= 4.2.2)
activejob (= 4.2.2)
mail (~> 2.5, >= 2.5.4)
actionpack (4.0.13)
activesupport (= 4.0.13)
builder (~> 3.1.0)
erubis (~> 2.7.0)
rack (~> 1.5.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.2)
actionview (= 4.2.2)
activesupport (= 4.2.2)
rack (~> 1.6)
rack-test (~> 0.6.2)
activemodel (4.0.13)
activesupport (= 4.0.13)
builder (~> 3.1.0)
activerecord (4.0.13)
activemodel (= 4.0.13)
activerecord-deprecated_finders (~> 1.0.2)
activesupport (= 4.0.13)
arel (~> 4.0.0)
activerecord-deprecated_finders (1.0.4)
activesupport (4.0.13)
i18n (~> 0.6, >= 0.6.9)
minitest (~> 4.2)
multi_json (~> 1.3)
thread_safe (~> 0.1)
tzinfo (~> 0.3.37)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.1)
actionview (4.2.2)
activesupport (= 4.2.2)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.1)
activejob (4.2.2)
activesupport (= 4.2.2)
globalid (>= 0.3.0)
activemodel (4.2.2)
activesupport (= 4.2.2)
builder (~> 3.1)
activerecord (4.2.2)
activemodel (= 4.2.2)
activesupport (= 4.2.2)
arel (~> 6.0)
activesupport (4.2.2)
i18n (~> 0.7)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
addressable (2.3.8)
arel (4.0.2)
arel (6.0.3)
aruba (0.7.4)
childprocess (>= 0.3.6)
cucumber (>= 1.1.1)
@@ -48,7 +59,7 @@ GEM
ruby_parser (~> 3.7.0)
sass (~> 3.0)
terminal-table (~> 1.4)
builder (3.1.4)
builder (3.2.2)
bundler-audit (0.4.0)
bundler (~> 1.2)
thor (~> 0.18)
@@ -95,13 +106,14 @@ GEM
foreman (0.78.0)
thor (~> 0.19.1)
formatador (0.2.5)
gauntlt (1.0.6)
aruba
gauntlt (0.1.4)
cucumber
nokogiri (~> 1.5.0)
nokogiri
trollop
gherkin (2.12.2)
multi_json (~> 1.3)
globalid (0.3.6)
activesupport (>= 4.1.0)
guard (2.13.0)
formatador (>= 0.2.4)
listen (>= 2.7, <= 4.0)
@@ -134,8 +146,9 @@ GEM
actionpack (>= 3.1)
railties (>= 3.1)
sass (>= 3.2)
jquery-rails (3.1.3)
railties (>= 3.0, < 5.0)
jquery-rails (4.0.4)
rails-dom-testing (~> 1.0)
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
json (1.8.3)
kgio (2.9.3)
@@ -145,6 +158,8 @@ GEM
listen (3.0.3)
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
loofah (2.0.3)
nokogiri (>= 1.5.9)
lumberjack (1.0.9)
mail (2.6.3)
mime-types (>= 1.16, < 3)
@@ -158,12 +173,14 @@ GEM
thin (~> 1.5.0)
method_source (0.8.2)
mime-types (2.6.1)
minitest (4.7.5)
mini_portile (0.6.2)
minitest (5.8.0)
multi_json (1.11.2)
multi_test (0.1.2)
mysql2 (0.3.19)
nenv (0.2.0)
nokogiri (1.5.11)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
notiffany (0.0.7)
nenv (~> 0.1)
shellany (~> 0.0)
@@ -181,24 +198,35 @@ GEM
slop (~> 3.4)
pry-rails (0.3.4)
pry (>= 0.9.10)
rack (1.5.5)
rack (1.6.4)
rack-livereload (0.3.16)
rack
rack-protection (1.5.3)
rack
rack-test (0.6.3)
rack (>= 1.0)
rails (4.0.13)
actionmailer (= 4.0.13)
actionpack (= 4.0.13)
activerecord (= 4.0.13)
activesupport (= 4.0.13)
rails (4.2.2)
actionmailer (= 4.2.2)
actionpack (= 4.2.2)
actionview (= 4.2.2)
activejob (= 4.2.2)
activemodel (= 4.2.2)
activerecord (= 4.2.2)
activesupport (= 4.2.2)
bundler (>= 1.3.0, < 2.0)
railties (= 4.0.13)
sprockets-rails (~> 2.0)
railties (4.0.13)
actionpack (= 4.0.13)
activesupport (= 4.0.13)
railties (= 4.2.2)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (1.0.7)
activesupport (>= 4.2.0.beta, < 5.0)
nokogiri (~> 1.6.0)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.2)
loofah (~> 2.0)
railties (4.2.2)
actionpack (= 4.2.2)
activesupport (= 4.2.2)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.15.0)
@@ -275,7 +303,8 @@ GEM
trollop (2.1.2)
turbolinks (2.5.3)
coffee-rails
tzinfo (0.3.44)
tzinfo (1.2.2)
thread_safe (~> 0.1)
uglifier (2.7.1)
execjs (>= 0.3.0)
json (>= 1.8.0)
@@ -320,7 +349,7 @@ DEPENDENCIES
pry
pry-rails
rack-livereload
rails (= 4.0.13)
rails (= 4.2.2)
rb-fsevent
rspec-rails (= 2.14.2)
sass-rails
+14 -7
@@ -1,42 +1,49 @@
# RailsGoat [![Build Status](https://api.travis-ci.org/OWASP/railsgoat.png?branch=master)](https://travis-ci.org/OWASP/railsgoat) [![Code Climate](https://codeclimate.com/github/OWASP/railsgoat.png)](https://codeclimate.com/github/OWASP/railsgoat)
RailsGoat is a vulnerable version of the Ruby on Rails Framework. It includes vulnerabilities from the OWASP Top 10, as well as some "extras" that the initial project contributors felt worthwhile to share. This project is designed to educate both developers, as well as security professionals.
RailsGoat is a vulnerable version of the Ruby on Rails Framework both versions 3 and 4. It includes vulnerabilities from the OWASP Top 10, as well as some "extras" that the initial project contributors felt worthwhile to share. This project is designed to educate both developers, as well as security professionals.
## Getting Started
To begin, install the Ruby Version Manager (RVM):
```
```bash
$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.1.2
```
After installing the package, clone this repo:
```
```bash
$ git clone git@github.com:OWASP/railsgoat.git
```
Navigate into the directory and install the dependencies:
**NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches
```bash
$ cd railsgoat
$ git checkout rails_3_2
```
Navigate into the directory (already there if you followed the previous step) and install the dependencies:
```bash
$ bundle install
```
If you receive an error, make sure you have `bundler` installed:
```
```bash
$ gem install bundler
```
Initialize the database:
```
```bash
$ rake db:setup
```
Start the Thin web server:
```
```bash
$ rails server
```
+1 -1
@@ -16,6 +16,7 @@
//= require wysiwyg/wysihtml5-0.3.0.js
//= require jquery.min.js
//= require jquery.scrollUp.js
//= require bootstrap.js
//= require wysiwyg/bootstrap-wysihtml5.js
//= require bootstrap-colorpicker.js
//= require date-picker/date.js
@@ -32,7 +33,6 @@
//= require jsapi
//= html5.js
function rubyCodeFormat() {
+1 -1
@@ -55,7 +55,7 @@ class UsersController < ApplicationController
private
def user_params
params.require(:user).permit(:email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation)
params.require(:user).permit!
end
# unpermitted attributes are ignored in production
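Review bot: `params.require(:user).permit!` accepts every key submitted under `user`, so the explicit list the commit removes (which itself already exposed `:admin` and `:user_id`) is replaced by unrestricted mass assignment, and the trailing comment `# unpermitted attributes are ignored in production` no longer describes anything, because with `permit!` nothing is unpermitted. RailsGoat is intentionally vulnerable per the README in this commit, but the lab value is lost if a reader takes that comment at face value; replace it with one that states the intent, e.g. `# INTENTIONAL (mass-assignment lab): permit! trusts every submitted user attribute, including admin; the fixed version whitelists fields explicitly`. The enclosing UsersController begins outside the hunk.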
@@ -1,4 +1,5 @@
<% flash.each do |name, msg| %>
<% name = name.to_sym %>
<% if name == :error %>
<div class="alert alert-error">
<a class="close" data-dismiss="alert" href="#">×</a>
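Review bot: `<% name = name.to_sym %>` on the second line rebinds the block parameter, presumably so the `if name == :error` test below still matches now that `flash.each` yields string keys under Rails 4.2, and that intent is not visible from the line itself. A comparison that does not depend on the key's type, `<% if name.to_s == 'error' %>`, expresses the same thing without the reassignment; if the `to_sym` stays, a comment such as `<%# flash keys arrive as strings in Rails 4.2; normalise before comparing %>` would tell the next reader why it is there.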
+1 -1
@@ -1,3 +1,3 @@
# Be sure to restart your server when you modify this file.
Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session'
Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session', httponly: false
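Review bot: `httponly: false` on the added line disables the HttpOnly flag on the session cookie, making it readable by page scripts, and the file's only comment (`# Be sure to restart your server when you modify this file.`) says nothing about why Rails' default was overridden. Since this repo is a deliberately vulnerable training app (per the README in this commit) and the xss feature spec in the same commit mentions demonstrating cookie exposure, the setting should be marked as intentional, e.g. `# INTENTIONAL (XSS lab): HttpOnly disabled so the session cookie is exposed to script; Rails' default is httponly: true and is what a real deployment should keep`. Without that, anyone using this initializer as a template inherits the weakness silently.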
+3 -2
@@ -20,9 +20,10 @@ feature 'xss' do
click_on 'Submit'
sleep(1)
visit '/'
pending(:if => verifying_fixed?) { find('div input.btn').value.should == 'RailsGoat h4x0r3d' }
visit "/users/#{@normal_user.user_id}/account_settings"
pending(:if => verifying_fixed?) { find('#submit_button').value.should == 'RailsGoat h4x0r3d' }
# might be nice to demonstrate posting cookie contents or somesuch, but
# this at least shows the vulnerability still exists.